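<?php
/**
 * Adds one product (a row of `files`) to the visitor's basket and replies with
 * a small JSON object: {"added": "true"|"false", "status": "<message>"}.
 *
 * Inputs (both untrusted, taken from the query string):
 *   - id    : product id, looked up in `files` and stored as basket.prod_id
 *   - uname : stored in basket.uname and basket.token
 *
 * Flow: refuse if an unpaid basket row already exists for this client address
 * and product; otherwise copy name/price/image/etc. from `files` into `basket`.
 * The price always comes from the database, never from the request.
 *
 * NOTE(review): the basket is keyed on REMOTE_ADDR. Clients that share an
 * address (NAT, proxies) would share basket rows, and behind a reverse proxy
 * every visitor may present the same address. A session identifier would be a
 * sturdier key. Confirm with the deployment.
 * NOTE(review): this request writes to the database on GET and no anti-CSRF or
 * authentication check is visible in this file (the includes may add one).
 * Consider POST plus a per-session token.
 * NOTE(review): no Content-Type header is set here, so the JSON is served with
 * the server default. Sending application/json would be cleaner, but check how
 * existing callers parse the reply before changing it.
 */
include('config/config.php');
if (defined('disable') && disable) {
    include('noservice.html');
    exit;
}
include('functions/db.php');
include('functions/settings.php');
require_once('libs/Smarty.class.php');

$get_query = new setup; // kept: the constructor may have side effects not visible here
$db1 = new db;
$db1->connect();
$conn = $GLOBALS['__Connect'];
mysqli_select_db($conn, database_portfolio);

// Normalise the request parameters: a missing or array-valued parameter becomes
// an empty string instead of raising a notice or reaching the SQL helper as an array.
$prodId = (isset($_GET['id']) && is_scalar($_GET['id'])) ? (string) $_GET['id'] : '';
$uname = (isset($_GET['uname']) && is_scalar($_GET['uname'])) ? (string) $_GET['uname'] : '';
$clientIp = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

// NOTE(review): every value below reaches SQL through $db1->GetSQLValueString(),
// defined in functions/db.php (not visible here). Injection safety rests entirely
// on that helper quoting/escaping correctly; prepared statements
// (mysqli_prepare + bound parameters) would remove that dependency.

$response = null;   // reply to encode as JSON
$dbFailed = false;  // set when any query fails

$basketSql = sprintf(
    "SELECT * FROM basket WHERE paid='false' and ip = %s AND prod_id= %s",
    $db1->GetSQLValueString($clientIp, 'text'),
    $db1->GetSQLValueString($prodId, 'int')
);
$basketRes = mysqli_query($conn, $basketSql);

if ($basketRes === false) {
    $dbFailed = true;
} elseif (mysqli_num_rows($basketRes) > 0) {
    $response = ['added' => 'false', 'status' => 'Already in basket'];
} else {
    // The original ran this same SELECT twice back to back; once is enough.
    $fileSql = sprintf(
        "SELECT * FROM files WHERE id= %s",
        $db1->GetSQLValueString($prodId, 'int')
    );
    $fileRes = mysqli_query($conn, $fileSql);

    if ($fileRes === false) {
        $dbFailed = true;
    } else {
        $row_users_db = mysqli_fetch_assoc($fileRes);

        if (!$row_users_db) {
            $response = ['added' => 'false', 'status' => 'product not found'];
        } else {
            // The original guarded this with `if (1 == 1)`; its else branch
            // ("This service is not a direct service...") was unreachable and is dropped.
            //
            // NOTE(review): basket.token is filled with the caller-supplied uname,
            // exactly as before. If `token` is meant to be a secret or an
            // unguessable value, it should be generated server-side — confirm intent.
            $insertSQL = sprintf(
                "INSERT INTO basket (ip,name, prod_id, price,uname,token,image,type,length,type2,display,prod_type) VALUES (%s,%s, %s, %s, %s, %s,%s,%s,%s,%s,%s,%s)",
                $db1->GetSQLValueString($clientIp, "text"),
                $db1->GetSQLValueString($row_users_db['name'], "text"),
                $db1->GetSQLValueString($prodId, "int"),
                $db1->GetSQLValueString($row_users_db['price'], "text"),
                $db1->GetSQLValueString($uname, "text"),
                $db1->GetSQLValueString($uname, "text"),
                $db1->GetSQLValueString($row_users_db['image'], "text"),
                $db1->GetSQLValueString('file', "text"),
                $db1->GetSQLValueString($row_users_db['length'], "text"),
                $db1->GetSQLValueString($row_users_db['type'] . '', "text"),
                $db1->GetSQLValueString($row_users_db['fname'], "text"),
                $db1->GetSQLValueString($row_users_db['prod_type'], "text")
            );

            if (mysqli_query($conn, $insertSQL) === false) {
                $dbFailed = true;
            } else {
                $response = ['added' => 'true', 'status' => 'success'];
            }
        }
    }
}

if ($dbFailed) {
    // Previously `or die(mysqli_error(...))` sent the raw database error to the
    // client, disclosing schema/query details. Keep the detail in the server log
    // and return a generic message instead.
    error_log('basket.php: database error: ' . mysqli_error($conn));
    if (!headers_sent()) {
        http_response_code(500);
    }
    $response = ['added' => 'false', 'status' => 'Internal error'];
}

// "added" stays a string ("true"/"false") to match the reply format callers already expect.
echo json_encode($response);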